Jusletter IT

A central requirement of any Digital Rights Management (DRM) system is a machine-readable knowledge representation language known as Rights Expression Language (REL) (Jamkhedkar/Heileman, 2004). RELs are used to explicate machine-readable rights for purposes such as access control, trust management and contracting (Garcia et al. 2004/2007/2009). RELs are used to govern behavioural aspects and explicate usage rights that occur during digitally mediated interactions between two or more parties (Pellegrini 2014). RELs should be understood as a grounding component of legal technologies as their primary purpose is to express, govern and sanction legally binding behaviour within technologically mediated environments.

Among the most prominent RELs are MPEG-21, ODRL-2.0 (and derivatives such as OMA DRM or RightsML), ccREL and XACML to name but a few (Ermilov/Pellegini 2015). Most RELs have been developed according to the needs of specific sectors. I.e. MPEG-21, OeBFRel, XMCL, PRISM and TV-Anytime RMPI are optimized for rights management purposes in the area of multimedia and media asset management (Rodriguez-Doncel/Delgado 2009). RELs such as WSLA, WS-Agreement, SLAng, WSPL or WS-Policy support access control, trust management and contracting for web services. And RELs such as ccREL (Creative Commons Rights Expression Language) or ODRL (Open Digital Rights Language) are designed for general purposes and have gained popularity especially in the area of content and data licensing (Rodriguez et al. 2015; Sande et al. 2012).

A recent literature analysis conducted by the authors in the preparation of this paper revealed that more than 60 RELs have been developed since the early 1990s, some being derivatives of older ones (i.e. MPEG-21 being the successor of XrML) and some being developed to serve completely new purposes (i.e. LDR to manage interlinked data sources). These developments illustrate that RELs are a vital area of research whose relevance might even increase with the growing degree of automation and algorithmic governance in areas such as e-commerce, e-procurement or IT-security to name but a few (Prenafeta 2010; Gangadharan/D’Andrea 2011a; Villata/Gandon 2012).

The REL landscape is characterized by heterogeneity and a high degree of diversification. Hence it is important to develop a good understanding of various REL types and their functional scope. Hence this paper presents preliminary results from an extensive literature review aiming at developing a genealogy of RELs and proposing a classification that illustrates the intended application areas of each REL for digital rights management purposes.

The paper is structured as follows: Section 2 briefly outlines the methodology. Section 3 investigates the history of RELs, discusses their application areas and introduces a genealogy of RELs in the timespan from 1989 to 2015. Section 4 gives an outlook on research perspectives and future work.

The findings presented in this paper have been derived from an extensive literature review conducted on published works between 1989 and 2015. The analysed corpus has been compiled from the databases IEEE, ACM and SpringerLink and complemented by an analysis of references given in peer-reviewed academic works. In total this resulted in a literature corpus of 301 scientific or technical papers, each having an explicit reference to RELs as their subject of research. The analysed RELs are either officially supported standards (i.e. by MPEG, OASIS or ISO), recommended norms (i.e. W3C recommendations) or community contributions (i.e. provided by research groups or individuals). A full list of analysed RELs can be found in Appendix 1.

During the first analytic phase each REL has been assigned a publication year thus allowing to draw a corresponding timeline. In a second phase we developed a REL genealogy illustrating the technical dependency of various RELs during their evolution. In a third phase we derived a classification of RELs by analysing the functional purpose in correspondence with their application area.

According to Jamkhedkar/Heileman (2008) the appearance of RELs was a reaction to the radical changes invoked by modern information technology and the Internet on the existing balance between intellectual property owners and consumers at the end of 1980s. The occurring disturbances invoked by massive and loss-free sharing of copyright protected assets led intellectual property owners to put pressure on technologists to develop effective DRM systems to prevent violation of copyright by consumers. The first REL was introduced by McCarty (1989) in the year 1989 and was called Language for Legal Discourse (LLD). It was based on a logical framework and its central idea was to «develop a deep conceptual model […] by selecting a small set of common categories such as, space, time, action, permissions, obligations, constraints, and so on, relevant to a particular legal domain, and then developing a knowledge representation language that reflects the structure of this set» (Jamkhedkar/Heileman 2008, p. 3).

By the mid 1990`s the development of RELs gained traction when Stefik and Casey (1994) filed a patent for DRM technology they developed at Xerox PARC. Their REL went beyond McCarty’s approach as it included the description of a «usage rights grammar» that was subsequently implemented in LISP and called the Digital Rights Property Language (DRPL) (ibid). Nowadays most existing and functional RELs conform to the axiomatic principles of rights modelling first laid down by LLD and DPRL (Prados et al. 2005) and have made serious advancements with respect to functionality, design and interoperability. Since 1989 more than 60 RELs have appeared throughout literature, and they have become an integral component of most IT-systems in the context of digital rights management applications and web services.

RELs are applied to express policies. According to Sloman (1994) policies define a relationship between subjects and targets within a policy domain. For the domain of digital rights management Chong et al. (2006, p. 290f) distinguish between six policy types known as 1) revenue policies, 2) provision policies, 3) operational policies, 4) contract policies, 5) copyright policies and 6) security policies. General purpose RELs such as MPEG-21 or ODRL by definition support all of these policies but also come along with specific strengths and limitations according to their functional design. Special purpose RELs covering just one or closely related policy domains are extending the application scope of general purpose RELs but also raise the level of technological complexity and evoke interoperability issues (Prados et al. 2005).

We applied Chong et al.’s policy types to our literature analysis but due to reasons of simplicity came up with a threefold distinction of application areas in the DRM domain, namely 1) access & trust policies, 2) license policies and 3) contracting policies. These three application areas have proven to be analytically reasonable given that the high amount or RELs discovered during our literature review prevented us from an in-depth functional analysis of each REL according to Chong et al.’s classification.

Given that, the three application areas for RELs can be defined as follows:

Contract Policies: According to Guth (2004, p. 81), a digital contract is a legally binding agreement of two or more parties, on the exchange of rights to (digital) goods or services under certain terms and conditions. A contract can be used as evidence to prove acceptance of liabilities and RELs can be applied to preserve these liabilities in the face of possible contingencies for the contract’s duration (Rodriguez et al. 2015, p. 64). Hence RELs can be applied to represent contracts in machine-readable form thus enabling automated processing and execution of contracts i.e. with respect to individual usage patterns, payment and enforcement purposes.

License Policies: According to Guth (2004, p. 82), a license should be understood as a specific type of contract granting general usage rights to intellectual property, technical know-how or technical inventions. Consequently, a license is used to express generalized terms about the intended usage pattern of a certain asset and usually defines the notion of property associated with a specific asset (such as declaring the degree of permissiveness allowed in the reuse of a certain asset). RELs are applied to represent licenses in a machine-readable form i.e. for purposes of similarity detection, compatibility checks and compliance with given terms and condition.

Access & Trust Policies: The last category refers to actions like authentication, authorization and security preservation. Access policies define permissions, restrictions or prohibitions associated with an asset for making this asset available to a user in a specific role or other related feature of distinction (Kirrane et al. 2015).¹ Additionally, access policies can be used to explicate service level agreements and define the conditions of service delivery with respect to quality of service, security and privacy issues. Complementary to that, trust policies express conditions for interactions between entities that don’t know each other and where a sufficient level of confidentiality and privacy should be preserved for a specific context or duration (Aradhana 2011). RELs applied to the explication of access and trust policies usually capture higher-level goals. Such policies provide the means for specifying and modulating the terms of an asset and align its capabilities and constraints with the requirements of its users (Gangadharan/D’Andrea 2011b).

Each REL can be used to express policies for either one or several of these application areas at various degrees of granularity and specificity. Hence we can distinguish between general purpose RELs (such as ODRL, MPEG-21 being the most prominent ones) and special purpose RELs targeted at one or two specific application areas. Figure 1 illustrates the assignment of RELs to their policy domain(s).

Fig 1: Classification of RELs according to their application area

The findings reveal that most RELs have been developed for the purpose of access and trust management which is insofar plausible as access and trust policies usually lay the foundation on which contract and licensing policies are being executed and enforced. This is also replicated in the fact that 40 out of 61 RELs contain functional features related to access and trust management, especially when an intersection with contract policies is given. 28 out of 61 RELs support contract management and 24 out of 61 RELs are related to license management. Special purpose RELs are either specifically designed to serve these areas as stand-alone RELs or come along as specific functional extensions of general purpose RELs often as a result of a community initiative governed by an official standardization body or industry working group.

Figure 2 illustrates a genealogy of RELs between 1989 and 2015 based on the literature review underlying this study. The timeline indicates the point in time when the REL has either become an officially supported standard or recommendation or has been introduced to the scientific discourse for the first time. The dotted lines between the RELs indicate their technological interdependence and genealogy. The assigned colours indicate the functional spectrum of each REL according to the application areas described in section 3.2.

We discovered a total of 61 RELs in the given time period with a massive increase in REL development between 2000 and 2005. 44 out of 61 RELs have been introduced in this time period either as proof of concept or as part of official standardization initiatives carried out under the auspices of The Moving Picture Experts Group (i.e. MPEG-21), the W3C (i.e. ODRL), the Open Mobile Alliance (i.e. OMA DRM) or the International Press & Telecommunications Council (i.e. ACAP and RightsML).

Despite these prominent examples for official standardization initiatives, the majority of RELs (43 out of 61) – especially if designed for special purposes – is subject to community or research initiatives (i.e. LicenseScript, Ponder, KAoS, Protune, METSRights, L4LOD) or commercial endeavours (i.e. EPAL, WS-Policy, PRISM ML).

Another finding relates to the appearance of special purpose RELs over the course of time. In the early days of REL development, access and trust policies dominated the community and industry endeavours, followed by contract policies and finally by license policies. The relatively late appearance of license policies can be interpreted as a reaction to the growing popularity of open and commons-based licensing models applied to content and data over the previous years and the complexity with respect to copyright issues arising from the combination of open and closed licensing models.

Overall our findings suggest that only a handful of RELs are being constantly maintained and advanced according to the requirements of contemporary IT systems. In contrast the majority of identified RELs seems to run short of continuous support either because they have just been developed as a proof of concept or they have been superseded by other RELs.

 

Fig 2: Genealogy and Classification of RELs from 1989 to 2015

This paper presented the first results from an extensive literature review on RELs. The results have been validated by the authors but are still subject to further investigation and elaboration. Nevertheless, the results already give a good insight into the development, state of the art and future direction of REL-related research.

In our future work – which goes beyond the scope of this paper – the authors will extend their classification scheme not just by looking at the application area and functional similarity but also by investigating the technological design and functional interdependence of RELs. Further on, we plan to compare RELs according to their design principle, data model, the expressivity of their vocabulary and their serialization. This will provide us with a deeper insight into the syntactic and semantic interoperability of existing RELs and their applicability within interconnected IT-systems.

Funded by the Austrian Federal Ministry of Transport, Innovation and Technology (BMVIT) under the program «ICT of the Future» in the DALICC project. Runtime: November 2016 – October 2018. More information https://iktderzukunft.at/en/ and https://www.dalicc.net.

Aradhana, Chana, I., 2011. Developing trust policies for cloud scenarios. IEEE, pp. 389–393. https://doi.org/10.1109/ICCCT.2011.6075147.

Ermilov, I./Pellegrini, T. (2015). Data licensing on the cloud: empirical insights and implications for linked data (S. 153–156). ACM Press.

Gangadharan, G.R./D’Andrea, V. (2011a). Managing Copyrights and Moral Rights of Service-Based Software. IEEE Software, pp. 48–55. 0740-7459/11.

Gangadharan, G.R./D’Andrea, V. (2011b). Service licensing: conceptualization, formalization, and expression. Service Oriented Computing and Applications 5, 37–59. https://doi.org/10.1007/s11761-011-0079-6.

García, R./Gil, R. (2009). Copyright Licenses Reasoning an OWL-DL Ontology. In Proceedings of the 2009 Conference on Law, Ontologies and the Semantic Web: Channelling the Legal Information Flood (p. 145–162). Amsterdam: IOS Press.

García, R./Gil, R./Delgado, J. (2007). A web ontologies framework for digital rights management. Artificial Intelligence and Law, 15(2), 137–154. http://doi.org/10.1007/s10506-007-9032-6.

García, R./Gil, R./Delgado, J. (2004). Intellectual Property Rights Management Using a Semantic Web Information System. In R. Meersman & Z. Tari (Hrsg.), On the Move to Meaningful Internet Systems 2004: CoopIS, DOA, and ODBASE (Bd. 3290, S. 689–704). Berlin, Heidelberg: Springer Berlin Heidelberg. Abgerufen von http://link.springer.com/10.1007/978-3-540-30468-5_44.

Guth S. (2004). Interoperability of Digital Rights Management Systems via the Exchange of XML-based Rights Expressions. Dissertation: University of Vienna.

Jamkhedkar, P.A./Heileman, G.L. (2008). A formal conceptual model for rights. ACM Press, p. 29. https://doi.org/10.1145/1456520.1456528.

Kirrane, Sabrina/Mileo, Alessandra/Decker, Stefan (2015). Access Control and the Resource Description Framework: A Survey. In: Semantic Web Journal. See also: http://www.semantic-web-journal.net/content/access-control-and-resource-description-framework-survey.

McCarty, L. T. (1989). A Language for Legal Discourse I. Basic Features. In ICAIL ’89: Proceedings of the 2nd international conference on Artificial intelligence and law, pages 180–189, New York, NY, USA.

Pellegrini, T. (2014). Linked Data Licensing – Datenlizenzierung unter netzökonomischen Bedingungen. In E. Schweighöfer et al. (Hrsg.), Transparenz. 17. Int. Rechtsinformatik Symposium IRIS 2014. Wien: OCG Verlag.

Prenafeta, J. (2010). Protecting Copyright Through Semantic Technology. Publishing Research Quarterly, 26(4), 249–254.

Prados, J./Rodriguez, E./Delgado, J. (2005). Interoperability between Different Rights Expression Languages and Protection Mechanisms. Presented at the First International Conference on Automated Production of Cross Media Content for Multi-Channel Distribution (AXMEDIS’05), IEEE, Florence, Italy, pp. 145–152. doi:10.1109/AXMEDIS.2005.28.

Rodriguez-Doncel, V./Delgado, J. (2009). A Media Value Chain Ontology for MPEG-21. IEEE Multimedia, 16(4), 44–51. http://doi.org/10.1109/MMUL.2009.78.

Rodriguez, E./Delgado, J./Boch, L./Rodriguez-Doncel, V. (2015). Media Contract Formalization Using a Standardized Contract Expression Language. IEEE MultiMedia, 22(2), 64–74. http://doi.org/10.1109/MMUL.2014.22.

Safavi-Naini R./Sheppard N. P./Uehara T. (2004). Import/Export in Digital Rights Management. In: DRM, Jiayias, A., CCS, Association for Computing Machinery (Eds.), 2004. Proceedings of the Fourth ACM Workshop on Digital Rights Management: Washington, DC, USA, October 257, 20043 ; co-located with CCS 2004. Association for Computing Machinery, New York, NY.

Sande, Miel Vander/Portier, Marc/Mannens, Erik/Van de Walle, Rik (2012). Challenges for open data Usage: Open Derivatives and Licensing. In: https://www.w3.org/2012/06/pmod/pmod2012_submission_4.pdf, accessed February 12, 2016.

Sloman M. (1994). Policy driven management for distributed systems. In: Journal of Network and Systems Management, 333(2).

Stefik, M. J./Casey, M. M. (1994).Rights Expression Languages of Digital Works. Xerox Corporation, U.S. Patent No. 5,629,980.

Villata, S./Gandon, F. (2012). Licenses compatibility and composition in the web of data. In: COLD – Workshop in conjunction with the 11th International Semantic Web Conference 2012. CEUR WS Proceedings, 905.

Weitzner, D.J./Hendler, J./Berners-Lee, T./Connolly, D. (2006). Creating a policy-aware web: Discretionary, rule-based access, in: Web and Information Security. IRM Press.

Year	Abbreviation	Full Name	Maintained by
1989	LLD	Language for Legal Discourse	McCarty
1995	DPRL 1.0	Digital Property Rights Language v1.0	Xerox Park
1995	Ponder		Damianou, Dulay, Lupu & Sloman
1998	DPRL 2.0	Digital Property Rights Language v2.0	Xerox Park
1998	KeyNote		Blaze, Feigenbaum, Ioannidis & Keromytis
1999	PDL	Policy Description Language	Lobo, Bhatia & Naqvi
2000	XrML 1.0	eXtensible Right Markup Language v1.0	Content Guard (a Xerox Park Spin Off)
2000	DocLog		Tan & Thoen
2000	(D)TPL	(Defined) Trust Policy Language	IBM Research
2000	PSPL	Portfolio and Service Protection Language	Bonatti & Samarati
2000	PAPL	Person Allocation Policy Language	Bonatti & Samarati
2001	ODRL 1.0	Open Digital Rights Language v1.0	W3C
2001	XMCL	eXtensible Media Commerce Language	RealNetworks
2001	ECL	Enterprise Contract Language	Neal
2001	X-SEC		Bertino, Castano & Ferrari
2001	PRML	Privacy Rights Markup Language	Zero-Knowledge Systems & IBM
2001	EPML	Enterprise Privacy Markup Language	Zero-Knowledge Systems & IBM
2002	ODRL 1.1	Open Digital Rights Language v1.1	W3C
2002	OMA DRM 1.0	OMA DRM Rights Expression Language v1.0	Open Mobile Alliance
2002	XrML 2.0	eXtensible Right Markup Language v2.0	Content Guard (a Xerox Park Spin Off)
2002	ebXML CPP/A 2.0	ebXML Collaboration Protocol Profile and Agreement v2.0	OASIS
2002	REI 1.0	Rights Expression and Interpretation v1.0	Kagal, Paolucci, Srinivasan, Denker, Finin & Sycara
2002	P3P 1.0	Platform for Privacy Preferences v1.0	W3C
2002	APPEL	A P3P Preference Exchange Language v1.0	W3C
2002	DPL	Deontic Policy Language	Milosevic & Dromey
2003	MPEG-21		The Moving Picture Experts Group
2003	OeBF REL	Open eBook Forum REL	Open eBook Forum
2003	WSOL	Web Service Offering Language	Tosic, Pagurek, Patel, Esfandiari & Ma
2003	WSLA	Web Service Level Agreement	Keller & Ludwig
2003	XACML 1.0	eXtensible Access Control Markup Language v1.0	OASIS
2003	SweetDeal		Grosof & Poon
EPAL		Enterprise Privacy Authorization Language	IBM
2003	KAoS		Uszok, Bradshaw, Jeffers, Suri, Hayes, Breedy, Bunch, Johnson, Kulkarni & Lott
2004	METSRights	Metadata Encoding and Transmission Standard Rights	Library of Congress
2004	OMA DRM 2.0	OMA DRM Rights Expression Language v2.0	Open Mobile Alliance
2004	TV Anytime RMPI	TV Anytime Rights Management and Protection Information	European Broadcasting Union
2004	AVS-REL	Advanced Audio Video Coding Standard Rights Expression Language	Advanced Audio Video Coding Standard (AVS) Workgroup
2004	BCL	Business Contract Language	Governatori & Milosevic
2004	WSPL	Web Services Policy Language	Vedamuthu, Orchard, Hirsch, Hondo, Yendluri, Bubez & Yacinalp
2004	DPAL	Declarative Privacy Authorization Language	n.s.
2004	SLAng	SLA notation generator	Skene, Lamanna & Emmerich
2004	PeerTrust		Gavriloaie, Nejdl, Olmedilla, Seamons & Winslett
2004	ISO REL		Content Guard (a Xerox Park Spin Off)
2004	MPEG-21 IPMP	MPEG-21 Intellectual Property Management and Protection	The Moving Picture Experts Group
2004	PLUS	Picture Licensing Universal System	PLUS Coalition
2005	PRISM RL	Publishing Requirements for Industry Standard Metadata Rights Language	Idealliance
2005	ebXML CPP/A 2.1	ebXML Collaboration Protocol Profile and Agreement v2.1	OASIS
2005	Protune	PRovisional TrUst NEgotiation framework	De Coi, Olmedilla, Bonatti & Sauro
2005	REI 2.0	Rights Expression and Interpretation v2.0	Kagal, Paolucci, Srinivasan, Denker, Finin & Sycara
2005	P3P 1.1	Platform for Privacy Preferences v1.1	W3C
2006	XACML 2.0	eXtensible Access Control Markup Language v2.0	OASIS
2006	LicenseScript		Chong, Corin, Etalle, Hartel, Jonker & Law
2007	WS-Policy	Web Services Policy	Anderson
2007	ACAP 1.0	Automated Content Access Protocol v1.0	International Press Telecommunications Council
2007	WS-Agreement	Web Services Agreement Specification	Open Grid Forum
2007	OSL	Obligation Specification Language	Hilty, Pretschner, Basin, Schaefer & Walter
2008	ODRL-S	Open Digital Rights Language for Services	Gangadharan, D’Andrea, Iannella & Weiss
2008	ccREL	Creative Commons Rights Expression Language	Creative Commons Foundation / W3C
2009	ExRiVob	Extended Rights Vocabulary	Wang, Seki & Kameyama
2009	LucScript	Logic-based Usage Control License Script	Zhong, Lin & Guo
2009	ACAP 1.1	Automated Content Access Protocol v1.1	International Press Telecommunications Council
2010	PAPEL	Provenance-Aware Policy definition and Execution Language	Ringelstein & Staab
2012	ODRL 2.0	Open Digital Rights Language	W3C
2013	L4LOD	Licenses for Linked Open Data	Governatori, Rotolo, Villata & Gandon
2013	RightsML	Rights Markup Language	International Press Telecommunication Council
2013	XACML 3.0	eXtensible Access Control Markup Language	OASIS
2013	Legal Rule ML	Legal Rule Markup Language	OASIS
2013	ODRS	Open Data Rights Statement Vocabulary	Dodds
2014	LDR 2.0	Linked Data Rights v2.0	Rodriguez, Poveda-Villalón, Suarez & Gomez
2015	ODRL 2.1	Open Digital Rights Language v2.1	W3C
2015	MPEG-21 CEL	MPEG-21 Contract Expression Language	The Moving Picture Experts Group
2015	MPEG-21 MCO	MPEG-21 Cmedia Contract Ontology	The Moving Picture Experts Group